New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
If you're running any PHP-based website on an NGINX server and have the PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that are reportedly not uncommon in the …
Flaw
Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted
Attention Linux Users! A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as …
7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
A 7-year-old critical remote code execution vulnerability has been discovered in the iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app. Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by …
New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android. What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group—infamous for selling zero-day exploits to governments—or one of its customers, to …
Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users
The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites. To be noted, hackers haven't found any way to run ads for free; instead, the modus operandi of eGobbler …
New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS
Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the S@T Browser (a dynamic SIM toolkit), embedded on …
Exim TLS Flaw Opens Email Servers to Remote ‘Root’ Code Execution Attacks
A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches that …
Apple Releases iOS 12.4.1 Emergency Update to Patch ‘Jailbreak’ Flaw
Apple just patched an unpatched flaw that it patched previously but accidentally unpatched recently — did I confuse you? Let's try it again... Apple today finally released iOS 12.4.1 to fix a critical jailbreak vulnerability, like it or not, that was initially patched by the company in iOS 12.3 but was then accidentally reintroduced in the previous iOS 12.4 update. For those …
iOS 12.4 jailbreak released after Apple ‘accidentally un-patches’ an old flaw
A fully functional jailbreak has been released for the latest iOS 12.4 on the Internet, making it the first public jailbreak in a long time—thanks to Apple. Dubbed "unc0ver 3.5.0," the jailbreak works with the updated iPhones, iPads and iPod Touches by leveraging a vulnerability that Apple previously patched in iOS 12.3 but accidentally reintroduced in the latest iOS version …
Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows
Update — With this month's patch Tuesday updates, Microsoft has finally addressed this vulnerability, tracked as CVE-2019-1162, by correcting how the Windows operating system handles calls to Advanced Local Procedure Call (ALPC). A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft …